SOC Analyst Roadmap to Success

Tyler Wall
14 min read · Feb 7, 2024

What’s in this article? This article discusses background-specific tips for landing your first SOC Analyst role. The four target audiences are college graduates, career changers from IT, veterans, and the autodidact. Each has its own nuances, which makes it worthwhile to dedicate this article to your roadmap to success.

Roadmap to Success

This series has given you insight into what a SOC Analyst does on a day-to-day basis and general strategies for finding your first job in cybersecurity as a SOC Analyst. It was written for four key audiences: the recent college graduate, those changing careers from other areas of IT, transitioning military members, and those who are self-taught. This article gives background-specific tips on things you need to know that apply directly to you.

I am going to repeat myself through these four sections to drive home the idea that you have to prove your interest and back it up with examples, in addition to hard technical skills. Veterans have large networks of people and partnerships just waiting for them to plug into; the college graduate has their school’s career services to leverage; people transitioning from other areas of IT already have real-life experience, often in domains that overlap with cybersecurity; and lastly, the autodidact’s strongest selling point is their personal projects and involvement with the community at large.

I recommend to students with all backgrounds that are worried they don’t have much to talk about in an interview to deploy The Modern Honey Network as a project to AWS with a few honeypots. Take the data from it and do analysis on it. In the article The SOC Analyst Method I explain how to analyze a security event. Practice this method on the attackers of the honeypot and find interesting things to discuss in the interview.

One more plug. I will mention in this article how you should write your resume from your particular background. Give writing your own resume your best shot, but when you are just starting out it can be difficult to highlight what you know. I have worked out a deal with Resume Raiders on your behalf to offer a 20% discount on services; just use coupon code SOCANALYSTNOW. I receive zero commissions or any discounts and it saves you about $60 for a full resume rewrite. Dave also offers a resume revision service at a lower price if only smaller changes are needed. He will share your resume on a Google Doc and you will collaborate back and forth as he asks you questions and you answer them in comments, then he pens your resume. I use him myself; that’s the only reason I recommend him.

So let’s get started.

Recent Graduate

Congratulations! You have graduated or are about to graduate from college. It’s a monumental achievement and I hope you’ve learned a lot. Maybe you had an internship, and that’s great, because what you’re fighting now is a lack of experience. Getting experience with commercial tools is one of the most difficult things to do. They cost millions of dollars and work in highly complex enterprise environments. But the hiring manager knows that. What he’s looking for is experience with any projects you may have had while in school and any personal projects you’ve had, and overall he is checking to make sure you’re not a commodity graduate that has zero interest in cybersecurity other than the paycheck. So many people graduate and don’t know a thing and have no real passion or interest in cybersecurity. That is the reputation that you are fighting against as a recent college graduate.

Your resume should reflect the projects that you’ve worked on during school. Resume Raiders is a professional resume writing service that I would recommend and have used before, but you have options. Explore your career services from your school to see if they have people who know how to write your resume in a way to highlight the experience you gained from your curriculum. This should be your first stop as they are familiar with what you’ve learned while in your program. And then maybe poke Resume Raiders for a revision if you’re not having any luck.

You need a project to talk about. The question of why you like cybersecurity is inevitable and be fully prepared to give them examples of the projects you’ve been a part of that you truly enjoyed. It’s going to come up, eventually, what you want to do in cybersecurity. One thing that you have on your side from a formal education is experience with a variety of things and you probably already kinda know what you like and don’t like. So talk about the classes and projects you truly enjoyed and say you’d like to work in the SOC for a few years to get even more breadth of experience before deciding on a speciality. When you’re finally in the SOC, you’ll see how we do things in the real world. And it’s often much different than the Ivory Tower you’ve learned about in college. Sometimes it’s messy with lots of red tape and your dream isn’t what it pans out to be. That is what happened to me as a penetration tester. I absolutely loved hacking around and had been doing it for years, and I thought all through college that this is exactly what I wanted to do and I was so sure of myself. I started in the SOC, worked really hard, and became a pentester and then learned I absolutely hated it. It was the worst! Luckily, I was already qualified to be a SOC Analyst, so I regrouped, and then found my way into Security Engineering with nothing lost. I haven’t strayed too far from the SOC ever since.

Your degree alone is not going to get you a job. It’s an important step in any career, but it’s significantly less important today than it was a while ago. Most big companies have removed the requirement to have a college degree, but there are still some that require it. Those that require it should be your first applications while applying for jobs. Fewer people have college degrees, so there might be less competition.

From IT

So you want to join the exciting world of cybersecurity. As you might already know, becoming a SOC Analyst might mean a temporary pay cut, depending on your seniority in IT. You’re looking at around $80-$100k starting out. But you might be considering it because you’ve hit the glass ceiling in IT and you’ve done your research and know the glass ceiling is higher in cybersecurity. You might just be more interested in a domain in cybersecurity and need the SOC Analyst role to get there. Whatever the reason, you’re reading this book and being a SOC Analyst is on your mind. There are a few things you need to know.

It’s a lot like IT. The same exact problems you’re having in IT you’re going to have in cybersecurity. On-call is typical, it changes rapidly, there is a glass ceiling you’re inevitably going to hit, and after a while you realize it’s a glorified customer service position.

You might already have certifications that apply to cybersecurity: any networking or Microsoft certifications are a plus, and any CompTIA certification is good too. In general you’re familiar with the certification game. You may be past the certification game in your IT career, but be prepared to start it all over again as a SOC Analyst.

It almost sounds like I’m discouraging you from becoming a SOC Analyst, but I’m not. I know how important it is for us to do stuff we like to do. The only reason I’m writing a book is because I enjoy writing. It’s so difficult to be stuck doing work you don’t like and, to make it worse, you probably won’t be really good at it. I would suggest this path to someone from IT only if they like cybersecurity. It doesn’t matter the reason, just be prepared to discuss that in an interview.

I recommend going to the ISC2 website and finding the domains of cybersecurity and writing your resume with skills and experience you gained at your previous employers in those domains. There will be a lot of overlap. Anyone that has a significant amount of experience in IT is qualified for a SOC Analyst job, and since you picked up this book you already know why you’re interested. Out of all the backgrounds this book applies to, your background will be the easiest to find work in cybersecurity.

Experience trumps everything.

Autodidacts

Calling all hackers. You only really end up in this category if you’ve been hacking around at things for years and are sitting around thinking how it’d be great to do this for a living. Well, good news: it happens all the time, but there are some things to think about.

How do you quantify experience with something you’re not supposed to be doing? First off, congratulations for staying out of jail and I say that assuming you’ve kept your nose clean. If you haven’t, there aren’t many people that will hire you. It does happen and there are companies that will hire extremely talented felons but it’s rare and what happens is they create their own companies and other companies hire them as a contractor. But that’s so rare I’m not going to cover it in detail.

Here’s what you do if you’re hacking away out there on your own. You play things like TryHackMe and place in the top percentages. When asked what experience you have, you tell them you set up labs and give the spiel about your lab environment before they can even ask. You go out and get a bug bounty and put it on your resume. You contribute to a community project or improve on a common tool. You write your own blog and publish articles about your research.

It’s significantly more difficult for you to get a call back from a job posting and compete with all the other applicants with your resume alone. The tips described in the article Job Hunting for going out to conferences, hackerspaces and makerspaces, and meetups are absolutely critical. You need to be at every single one and start contributing. Pick a topic and give presentations or just make the coffee. Get on LinkedIn and add SOC Analysts, join a group, and contribute. You need a resume, but you also need to know someone on the inside to pick your resume from the pile and give you an interview.

Out of all the backgrounds this book covers, this is the most difficult one from which to land a job in cybersecurity, because you need twice the skill of the college graduate, plus good luck. However, you’re most likely to succeed in the long run because you can’t teach passion.

You’re going to have to do a lot of work for free before you build the reputation to get paid to do it.

Veterans

Veterans have the opportunity to access complimentary cybersecurity training and scholarships, enabling them to acquire the necessary knowledge, skills, and abilities (KSAs) for entry into the cybersecurity sector.

The CyberCorps®: Scholarship for Service (SFS) initiative, a collaboration between the Department of Homeland Security (DHS) and the National Science Foundation (NSF), extends cybersecurity scholarships to exceptional undergraduate, graduate, and doctoral students. Eligible individuals can currently receive financial support ranging from $27,000 to $37,000 for their studies at participating institutions.

SFS scholarships cover the typical expenses incurred by full-time students at participating institutions, encompassing tuition and related fees for a maximum of two years. When combined with the Post-9/11 GI Bill, which provides up to 36 months of financial assistance for education and training in various fields, including cybersecurity, veterans may have the opportunity to earn a cybersecurity degree without incurring costs.

The DHS facilitates training through the Federal Virtual Training Environment (FedVTE) platform, an online, on-demand training resource accessible to government employees and veterans. FedVTE offers over 800 hours of free training on cybersecurity and IT topics, ranging from beginner to advanced levels. The courses cover diverse areas such as ethical hacking, risk management, surveillance, and malware analysis. Additionally, they align with certifications like Network+, Security+, and Certified Information Systems Security Professional (CISSP).

The SANS Institute’s VetSuccess Academy is tailored to support veterans in their cybersecurity endeavors. However, it has been mentioned that this SANS program should be viewed as more of a lottery ticket, because they rarely see anyone get picked for any particular cohort. There is, however, a good success rate in having the GI Bill pay for a SANS degree, which bundles individual certifications into a degree program. The certifications themselves are highly regarded in cybersecurity, and very expensive.

One problem that is common with military folks is they focus heavily on certifications, but don’t get the hands-on experience and deep theory that they need for entry level technical positions. And to make matters worse, the people I’ve talked with don’t feel that cybersecurity degree programs prepare the transitioning military well either as they focus on high level policy.

The military trains you to look for qualifications and meet requirements for service ribbons/medals. And since certifications don’t matter as much as practical hands-on project work, this leads to veterans falling prey to predatory bootcamps at an above-average rate, leaving them still unqualified to actually do the work or pass the interview.

Note: They recommend a general computer science degree program at a brick and mortar college if you choose to go the degree route.

Before you transition, be aware of SkillBridge. Essentially, it allows military members to spend the last 180 days of their time on active duty working (for free to the business) for a company as an intern. They maintain their military pay and benefits. The company gets a free intern. This can often pivot into a full-time offer upon separation from the service, but if not, it will give you a little experience and someone to vouch for you.

Furthermore, VeteranSec serves as an online community for military veterans engaged in or interested in information technology and cybersecurity. The platform provides a private networking channel of over 7000 veterans, free training videos, partnerships with companies to take advantage of, and an informative cybersecurity blog with tutorials to aid veterans in their professional development.

Summary

I hope this article has provided you with a few additional useful strategies for your road to success. Each one of these backgrounds presents an opportunity for us to provide insights into the challenges, even reputations, that you are fighting against and that you need to be aware of as you trudge the road ahead. Use the tools given to you in this book, with the additional insight from this article to form a plan of attacking your job search and if you’re lucky, interviews. Not everyone is going to have the same experience with their journey to success. Some will be more difficult than others. We’re not all on the same playing field. I know that may not be what you want to hear but corporate America, and capitalism in general, is a game. Once you learn the rules and what moves you forward, you can strategize on what makes you desirable to employers. You build a brand for yourself. For me, it was certifications and education to start with, but after some years I fail to even mention it during interviews and I’m never asked about it because we’re too busy talking about experience. If you have experience, it trumps everything. If you don’t yet, you need a formal school, the community, your friends, any internships, former employers, and even yourself to vouch for you and provide examples to show your potential value.

And for the lone hackers, the autodidacts, the self-taught, let’s all remember that, whatever the case, they are the underdogs, but they are the few and the proud. Be nice to them and make friends; you’ll thank me later.

ARTICLE QUIZ (ANSWERS FOLLOW)

Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?

Ⓐ Career changers from healthcare

Ⓑ College graduates

Ⓒ Veterans

Ⓓ The Autodidact

What is a recommended project for interview preparation mentioned in the chapter?

Ⓐ Creating a personal blog

Ⓑ Deploying The Modern Honey Network on AWS

Ⓒ Developing a new cybersecurity tool

Ⓓ Writing a thesis on cybersecurity trends

Which service offers a 20% discount on resume services specifically for aspiring SOC analysts?

Ⓐ LinkedIn Premium

Ⓑ Resume Raiders

Ⓒ Indeed Resume Review

Ⓓ Monster Resume Writing Service

What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?

Ⓐ Their formal education

Ⓑ Their professional network

Ⓒ Their personal projects and community involvement

Ⓓ Their military background

For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?

Ⓐ Overqualification

Ⓑ Lack of real-world experience

Ⓒ Too many certifications

Ⓓ Excessive specialization

What is a common misconception about certifications according to the veteran’s section?

Ⓐ They guarantee a job in cybersecurity

Ⓑ They are not valued by employers

Ⓒ They replace the need for a college degree

Ⓓ They are more important than hands-on experience

Which online platform is mentioned as a resource for veterans interested in cybersecurity?

Ⓐ Coursera

Ⓑ VeteranSec

Ⓒ Udemy

Ⓓ Khan Academy

What advice is given to those transitioning from IT to cybersecurity regarding their resume?

Ⓐ Highlight all previous job titles, regardless of relevance

Ⓑ Focus exclusively on cybersecurity certifications

Ⓒ Write about skills and experience in domains overlapping with cybersecurity

Ⓓ Downplay any IT experience to avoid being overqualified

ARTICLE QUIZ SOLUTIONS

Which audience is not specifically targeted by the chapter on achieving success as a SOC analyst?

Ⓐ Career changers from healthcare

The chapter specifically targets college graduates, career changers from IT, veterans, and the autodidact, not those transitioning from healthcare. This highlights the tailored advice for individuals with different backgrounds moving into cybersecurity.

What is a recommended project for interview preparation mentioned in the chapter?

Ⓑ Deploying The Modern Honey Network on AWS

Deploying The Modern Honey Network on AWS with a few honeypots and analyzing the data is recommended as a project to prepare for interviews. This hands-on project demonstrates a candidate’s practical skills and ability to analyze security events, making it a valuable talking point during interviews.

Which service offers a 20% discount on resume services specifically for aspiring SOC analysts?

Ⓑ Resume Raiders

Resume Raiders is mentioned as offering a 20% discount on resume services for aspiring SOC analysts with the use of a specific coupon code. This service helps candidates tailor their resumes for the cybersecurity field, enhancing their job application process.

What is identified as the strongest selling point for autodidacts seeking a SOC Analyst role?

Ⓒ Their personal projects and community involvement

For autodidacts, their strongest selling point is their personal projects and involvement with the community at large. This demonstrates their passion and self-motivated learning in the field of cybersecurity, which is highly valued by employers.

For recent college graduates, what is considered a significant challenge when applying for SOC Analyst roles?

Ⓑ Lack of real-world experience

Recent college graduates often face the challenge of lack of real-world experience, especially with commercial tools and complex enterprise environments. Employers look for any projects or personal initiatives that show a candidate’s interest and practical skills in cybersecurity beyond academic achievements.

What is a common misconception about certifications according to the veteran’s section?

Ⓓ They are more important than hands-on experience.

A common misconception addressed in the chapter is the overemphasis on certifications over practical hands-on experience, especially for veterans. While certifications are valuable, the chapter underscores that practical experience and the ability to apply knowledge in real-world situations are more critical for entry-level technical positions.

Which online platform is mentioned as a resource for veterans interested in cybersecurity?

Ⓑ VeteranSec

VeteranSec is mentioned as an online platform providing a private networking channel, free training videos, partnerships, and a cybersecurity blog specifically for military veterans interested in transitioning to cybersecurity. It’s a resource for veterans to connect, learn, and advance in their cybersecurity careers.

What advice is given to those transitioning from IT to cybersecurity regarding their resume?

Ⓒ Write about skills and experience in domains overlapping with cybersecurity

Those transitioning from IT to cybersecurity are advised to write their resumes highlighting skills and experience in domains that overlap with cybersecurity. This strategy leverages their existing IT background, showcasing their relevant skills and making them appealing candidates for SOC Analyst roles.

Tyler Wall is the founder of Cyber NOW Education by night and works full time in the cybersecurity industry as his day job. He creates cybersecurity training material in his free time, often after feeling the need to shout what he’s just learned and also because a little bit of passive income never hurt anyone.

He holds bills for a Master of Science from Purdue University, and also CISSP, CCSK, CFSR, CEH, Sec+, Net+, A+ certifications

You can connect with him on LinkedIn.

Get 20% off all courses in our On-Demand catalog with coupon code “MEDIUMFRIENDS”

For a limited time, get a free copy of the Jump-start Your SOC Analyst Career eBook, published June 1, 2024, in exchange for a review on Amazon. Email tyler@cybernoweducation.com
